_check_file_access_8php_source.html

<?php


namespace Bitrix\Im\V2\Controller\Filter;


use Bitrix\Disk\Driver;

use Bitrix\Disk\File;

use Bitrix\Disk\Security\DiskSecurityContext;

use Bitrix\Im\V2\Chat\ChatError;

use Bitrix\Main\Engine\ActionFilter\Base;

use Bitrix\Main\Error;

use Bitrix\Main\Event;

use Bitrix\Main\EventResult;

use Bitrix\Main\File\Image;


class CheckFileAccess extends Base

{

    private array $path;


    public function __construct(array $path)

    {

        parent::__construct();

        $this->path = $path;

    }


    public function onBeforeAction(Event $event)

    {

        $fileId = $this->extractFileId();


        if (!is_numeric($fileId))

        {

            return null;

        }


        $fileResult = \CFile::GetByID($fileId);

        $file = (isset($fileResult) && $fileResult) ? $fileResult->Fetch() : null;

        $info = (new Image($_SERVER["DOCUMENT_ROOT"] . $file['SRC']))->getInfo();

        if (!$info)

        {

            $this->addError(new Error(

                'Wrong file type',

                ChatError::WRONG_PARAMETER

            ));

            return new EventResult(EventResult::ERROR, null, null, $this);

        }


        $currentUser = $this->getAction()->getCurrentUser();

        $userId = isset($currentUser) ? $currentUser->getId() : null;

        $securityContext = new DiskSecurityContext((int)$userId);

        $parameters = [

            'filter' => ['FILE_ID' => $fileId],

            'with' => ['CREATE_USER']

        ];

        $parameters = Driver::getInstance()->getRightsManager()->addRightsCheck($securityContext, $parameters, ['ID', 'CREATED_BY']);


        $fileCollection = File::getModelList($parameters);

        if (!$fileCollection)

        {

            $this->addError(new Error(

                'File is not accessible',

                ChatError::WRONG_PARAMETER

            ));

            return new EventResult(EventResult::ERROR, null, null, $this);

        }


        return null;

    }


    private function extractFileId()

    {

        $arguments = $this->getAction()->getArguments();


        $value = $arguments;


        foreach ($this->path as $key)

        {

            if (!is_array($value))

            {

                return null;

            }


            $value = $value[$key] ?? null;

        }


        return $value;

    }

}


$userId
if(!is_object($USER)||! $USER->IsAuthorized()) $userId
Определения check_mail.php:18

Bitrix\Im\V2\Chat\ChatError\WRONG_PARAMETER
const WRONG_PARAMETER
Определения ChatError.php:12

Bitrix\Im\V2\Controller\Filter\CheckFileAccess
Определения CheckFileAccess.php:16

Bitrix\Im\V2\Controller\Filter\CheckFileAccess\onBeforeAction
onBeforeAction(Event $event)
Определения CheckFileAccess.php:25

Bitrix\Im\V2\Controller\Filter\CheckFileAccess\__construct
__construct(array $path)
Определения CheckFileAccess.php:19

Bitrix\Main\Engine\ActionFilter\Base
Определения base.php:15

Bitrix\Main\Engine\ActionFilter\Base\addError
addError(Error $error)
Определения base.php:80

Bitrix\Main\Engine\ActionFilter\Base\getAction
getAction()
Определения base.php:48

Bitrix\Main\Error
Определения error.php:15

Bitrix\Main\EventResult
Определения eventresult.php:5

array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804

$_SERVER
$_SERVER["DOCUMENT_ROOT"]
Определения cron_frame.php:9

$info
if($NS['step']==6) if( $NS[ 'step']==7) if(COption::GetOptionInt('main', 'disk_space', 0) > 0) $info
Определения backup.php:924

Bitrix\Im\V2\Chat\ExternalChat\Event
Определения AfterCreateEvent.php:3

Bitrix\Main\File\Image
Определения Color.php:9

$event
$event
Определения prolog_after.php:141

$key
if(empty($signedUserToken)) $key
Определения quickway.php:257

path
path
Определения template_copy.php:201